Anomaly Processors

George Alpizar

Overview

This processor combines metrics from multiple collocated agents, such as agents running on containers or servers in the same data center.

This processor is used in aggregator agent mode to follow trends and detect anomalies that take place on local clusters.

Note

This processor is a beta feature. 


Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

Visual Editor | YAML | Description | Required or Optional
Not applicable | name

Enter a descriptive label for this processor. 

When you create a workflow, you will use this label to enter your processor into the workflow.

This parameter is required. 

Review the following example:

container-cpu-anomalies
Required
Not applicable | metric_name

Enter a metric name to monitor for anomalies.

This parameter is required. 

Review the following example:

metric_name: cpu_host_perc.value
Required
Not applicable | interval

This parameter is a Golang duration string that represents the reporting (or rollup) interval for the generated statistics.

The default value is 1m.

This parameter is optional. 

Review the following example:

interval: 30s
Optional
Not applicable | retention

This parameter is a Golang duration string that represents how far back the agent should look when generating anomaly scores.

The default value is 3h.

This parameter is optional. 

Review the following example:

retention: 1h
Optional
Not applicable | trigger_thresholds

This parameter defines threshold limits, based on calculated metrics.

When a threshold is reached, the agent notifies the corresponding trigger destinations in the same workflow.

You can configure the following trigger threshold types:

  • anomaly_probability_percentage
  • upper_limit_per_interval
  • lower_limit_per_interval
  • consecutive

This parameter is optional. 

Review the following example:

trigger_thresholds:
  anomaly_probability_percentage: 90
  upper_limit_per_interval: 250
  consecutive: 5
Optional
Not applicable | anomaly_probability_percentage (trigger_thresholds)

This parameter sets the confidence level (the probability of an anomaly) that must be reached to trigger an alert.

For example, if you enter 90, then an alert will trigger when there is a 90% probability that the detected pattern is an anomaly. 

Enter a number between 0 and 100.

There is no default value. 

This parameter is optional.

Review the following example: 

trigger_thresholds:
  anomaly_probability_percentage: 90
Optional
Not applicable | upper_limit_per_interval (trigger_thresholds)

This parameter sets a static threshold to trigger an alert.  

If the number of events that match the given pattern for the most recent reporting interval is greater than the limit, then an alert will be triggered.

There is no default value. 

This parameter is optional.

Review the following example:  

trigger_thresholds:
  upper_limit_per_interval: 250
Optional
Not applicable | lower_limit_per_interval (trigger_thresholds)

This parameter sets a static threshold to trigger an alert.

If the number of events that match the given pattern for the most recent reporting interval is less than the limit, then an alert will trigger.

There is no default value. 

This parameter is optional.

Review the following example: 

trigger_thresholds:
  lower_limit_per_interval: 10
Optional
Not applicable | consecutive (trigger_thresholds)

This parameter sets how many consecutive times a threshold must be exceeded to trigger an alert.  

The default value is 0, which means that any condition that is met will trigger an alert. 

This parameter is optional.

Review the following example:

trigger_thresholds:
  consecutive: 5
Optional
Not applicable | filters

Select an existing filter to add to this input. 

To learn how to create a filter, see Filters.

This parameter is optional. 

Review the following example:

filters:
- extract_severity
Optional

Review Sample Configuration

Review the following sample configuration: 

anomaly_detectors:
  - name: container-cpu-anomalies
    retention: 1h
    metric_name: cpu_host_perc.value
    trigger_thresholds:
      anomaly_probability_percentage: 90
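
The following added example (not Edge Delta code) lints one anomaly_detectors entry against the parameter rules described on this page, so that a detector whose thresholds would never fire is caught before deployment. It works on the already-parsed YAML mapping; lint_detector, the two sample dictionaries and the non-negative-integer rule for consecutive are assumptions made for illustration.

```python
import re

# Go time.ParseDuration syntax: one or more <number><unit> pairs ("30s", "1h30m").
GO_DURATION = re.compile(r"^(?:(?:\d+(?:\.\d*)?|\.\d+)(?:ns|us|\u00b5s|ms|s|m|h))+$")
THRESHOLD_KEYS = {"anomaly_probability_percentage", "upper_limit_per_interval",
                  "lower_limit_per_interval", "consecutive"}

def is_number(value):
    # bool is a subclass of int, so YAML true/false must be rejected explicitly.
    return isinstance(value, (int, float)) and not isinstance(value, bool)

def lint_detector(det):
    """Return the problems found in one parsed anomaly_detectors entry (a dict)."""
    problems = []
    for key in ("name", "metric_name"):  # the two required parameters
        if not isinstance(det.get(key), str) or not det[key].strip():
            problems.append(f"{key}: required, must be a non-empty string")
    for key in ("interval", "retention"):  # optional Go duration strings
        if key in det and not (isinstance(det[key], str) and GO_DURATION.match(det[key])):
            problems.append(f"{key}: {det[key]!r} is not a Go duration string")
    # A threshold key that lost its indentation parses as a sibling of trigger_thresholds.
    for key in sorted(THRESHOLD_KEYS & set(det)):
        problems.append(f"{key}: must be nested under trigger_thresholds")
    thresholds = det.get("trigger_thresholds") or {}
    if not isinstance(thresholds, dict):
        return problems + ["trigger_thresholds: must be a mapping"]
    for key in sorted(set(thresholds) - THRESHOLD_KEYS):
        problems.append(f"trigger_thresholds.{key}: not a documented threshold type")
    pct = thresholds.get("anomaly_probability_percentage")
    if pct is not None and not (is_number(pct) and 0 <= pct <= 100):
        problems.append("anomaly_probability_percentage: must be between 0 and 100")
    for key in ("upper_limit_per_interval", "lower_limit_per_interval"):
        if key in thresholds and not is_number(thresholds[key]):
            problems.append(f"{key}: must be a number")
    # Assumption: consecutive is a count, so it must be a non-negative integer.
    count = thresholds.get("consecutive", 0)
    if not (isinstance(count, int) and not isinstance(count, bool) and count >= 0):
        problems.append("consecutive: must be a non-negative integer")
    return problems

# Constructed inputs: the page's sample entry and a broken variant of it.
SAMPLE = {"name": "container-cpu-anomalies", "retention": "1h",
          "metric_name": "cpu_host_perc.value",
          "trigger_thresholds": {"anomaly_probability_percentage": 90}}
BROKEN = {"name": "container-cpu-anomalies", "interval": "30",
          "trigger_thresholds": None, "anomaly_probability_percentage": 190}

if __name__ == "__main__":
    for entry in (SAMPLE, BROKEN):
        print(entry["name"], lint_detector(entry) or "ok")
```

The BROKEN entry models what a YAML parser produces when a threshold key is written without indentation: trigger_thresholds becomes null and the threshold sits at the detector level, where it is reported as misplaced.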

 
